articles/defender-for-iot/organizations/detect-windows-endpoints-script.md
Lines changed: 11 additions & 14 deletions
@@ -41,11 +41,9 @@ Before performing the procedures in this article, you must have:
41
41
The script described in this article is supported for the following Windows operating systems:
42
42
43
43
- Windows XP
44
-
- Windows 2000
45
-
- Windows NT
46
44
- Windows 7
47
45
- Windows 10
48
-
- Windows Server 2003/2008/2012/2016/2019
46
+
- Windows Server 2003/2008/2012
49
47
50
48
## Download and run the script
51
49
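Review bot: The Windows Server entry now ends at 2012 while Windows 10 stays in the list, so Server 2016/2019 are dropped even though a client release from the same period is still listed; please confirm this is intended and not an accidental truncation. If the new script really does not support 2016/2019, Windows 2000 and Windows NT, a short sentence saying so would help readers who relied on the previous list.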
@@ -55,26 +53,25 @@ The script detects enriched Windows data, and is run as a utility and not an ins
55
53
56
54
1. Sign into your OT sensor console, and select **System Settings** > **Import Settings** > **Windows Information**.
57
55
58
-
1. Select **Download script**. For example:
56
+
1. Select **Download script**. Your browser might ask you if you want to keep the file, select **Keep** or any similar options.
59
57
60
58
:::image type="content" source="media/detect-windows-endpoints-script/download-wmi-script.png" alt-text="Screenshot of where to download WMI script." lightbox="media/detect-windows-endpoints-script/download-wmi-script.png":::
61
59
62
-
1. Copy the script to a local drive and unzip it. The following files appear:
60
+
1. Copy the file to a local drive and unzip it. The following file appears:
63
61
64
-
-`start.bat`
65
-
-`settings.json`
66
-
-`data.bin`
67
-
-`run.bat`
62
+
-`Extract_system_info.bat`
68
63
69
-
1. Run the `run.bat` file.
64
+
1. Run the `Extract_system_info.bat` file.
70
65
71
-
After the script runs to probe the registry, a CX-snapshot file appears with the registry information. The filename indicates the machine name and the current date and time of the snapshot with the following syntax: `cx_snapshot_[machinename]_[current date time]`.
66
+
1. You'll be asked whether you want to display errors on screen or not. Make you own selection.
72
67
73
-
Files generated by the script include:
68
+
After the script runs to probe the registry, an output file appears with the registry information. The filename indicates the current date and time of the snapshot with the following syntax: `[current date time]_system_info_extractor`.
69
+
70
+
Files generated by the script:
74
71
75
72
- Remain on the local drive until you delete them.
76
-
-Must remain in the same location. Don't separate the generated files.
77
-
-Are overwritten if you run the script again.
73
+
-Are overwritten if you run the script again on the same day.
74
+
-Include an errorOutput file that is empty if no errors occurred during the running of the script.
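Review bot: The new filename sentence and the overwrite bullet disagree: `[current date time]_system_info_extractor` implies a time component, but "Are overwritten if you run the script again on the same day" implies the name carries only the date, so the text should state the actual format. The machine name has also been removed from the filename syntax, which means outputs collected from several endpoints on the same day would share a name; the article should say how to keep them apart before importing. The removed bullet "Must remain in the same location" has no replacement, so it is unclear whether the errorOutput file has to stay next to the main output. Two wording fixes in the added steps: "Make you own selection" should be "Make your own selection", and "keep the file, select **Keep** or any similar options" is a comma splice that reads better as two sentences.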